https://bugzilla.wikimedia.org/show_bug.cgi?id=55639
Carl Austin Bennett <carlb...@hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlb...@hotmail.com
--- Comment #1 from Carl Austin Bennett <carlb...@hotmail.com> ---
What exactly are you trying to do?
From
http://en.illogicopedia.org/wiki/Forum:Really,_seriously,_actually_moving,_for_real_this_time
it would very much appear that you are prompting for username and password,
then using these credentials to log onto some other server which is not yours.
Once there, you seem to be trying to ask for individual user's e-mail, real
name or personal info by claiming to be that user.
If so, that's really not the way that MW is intended to work and, from a
security standpoint, is a really questionable way of doing things.
There is a proper way of handling this sort of authentication without having
users give you (wittingly or unwittingly) their password from some other
server. You might want to look at the way the TUSC accounts are created, for
instance - the user logs onto the original server and places some sort of token
on their page there to indicate they're the same person requesting a new
password. A similar approach was used to match Wikitravel users to the same
user on Wikivoyage - even though the former is abusing
[[mw:extension:AbuseFilter]] to ban all mention of WV.
If the user wants to give you their real name or e-mail, they will do so...
directly.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
